This application claims the benefit, under 35 U.S.C. §365 of International Application PCT/EP2006/063600, filed Jun. 27, 2006, which was published in accordance with PCT Article 21(2) on Apr. 12, 2007 in English and which claims the benefit of European patent application No. 05447215.4, filed on Sep. 21, 2005.
The present invention relates to a method and a device to suspend access to a service in particular in a wireless network environment.
The Bluetooth standard has been developed by the Bluetooth Special Interest Group. It defines several aspects of security, and among them, the authentication and the authorization procedures.
Authentication is a generic procedure between two devices for verifying the identity of one of the devices (the ‘remote’ device) by the other device.
If a link key already exists, the procedure consists in a challenge-response mechanism using a random number, a secret key, and the Bluetooth device address of the non-initiating device. The secret key can be the previously exchanged link key.
If a link key does not exist, the procedure comprises the pairing of devices. Pairing is a procedure that authenticates a pair of devices, based on a personal identification number, noted the PIN, and subsequently creates a common link key. The procedure consists in the creation of an initialization key, the creation and exchange of a common link key, which is an authentication key used for the pair only, and the challenge-response mechanism.
The Bluetooth specification also defines authorization. This is a procedure where a user of a Bluetooth device grants a specific remote Bluetooth device access to a specific service. Authorization implies that the identity of the remote device can be verified through the authentication procedure. The procedure may be based on user confirmation or on the existence of a trusted relationship.
The creation of a trusted relationship is a procedure where the remote device is marked as a trusted device. Trusting consists in the marking of a paired device as a trusted device. Trust marking can be done by the user or done by the device automatically after a successful pairing.
The document Bluetooth Security White Paper, version 1.00, 2004-04-19, published by the Bluetooth Special Interest Group defines a particular security architecture. The paper introduces authorization and trusted devices. Access to a Bluetooth service is only granted after an authorization procedure (for example by performing a given user interaction). After the authorization, the device becomes a trusted device and can access the services on the other device.
The Bluetooth security architecture does not allow the administrator to temporarily deny access to services to certain frequent users. For example, consider the case where a Bluetooth device is an access point, and the access point owner has a neighbor who frequently comes by and makes use of the Bluetooth services. The neighbor knows the PIN code to access the Bluetooth access point. The access point owner would have to change the PIN code all the time to ensure that the neighbor does not access the Bluetooth access point from next door.